CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

263044 matches found

Nuclei•added 14 hours ago•17 views

Rating by BestWebSoft < 0.2 - Cross-Site Scripting

The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18530 info: name: Rating by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6AI score0.01384EPSS

Exploits1References4

Nuclei•added 14 hours ago•33 views

GRAND FlAGallery 1.57 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in facebook.php in the GRAND FlAGallery plugin flash-album-gallery before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. id: CVE-2011-4624 info: name: GRAND FlAGallery 1.57 - Cross-Site Scripting...

4.3CVSS5.1AI score0.07062EPSS

Exploits1References5

Nuclei•added 14 hours ago•42 views

WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)

A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F encoded dot dot sequences in the url parameter. id: CVE-2011-1669 info: name: WP Custom Pages 0.5.0.1 - Local File Inclusion LFI...

5CVSS5.5AI score0.22157EPSS

Exploits1References5

EUVD•added 14 hours ago•4 views

EUVD-2026-37552

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5CVSS5.7AI score

Exploits0References6

CVE•added yesterday•10 views

CVE-2026-25470

CVE-2026-25470 : Unauthenticated RCE in WordPress ACPT (Pro) – Custom Post Types Plugin for WordPress (ACPT) 2.0.47 if available; no public patch details provided in the documents. Exploitation status is not provided in the connected documents. Monitor for updates and vendor advisories for a con...

10CVSS5.4AI score

Exploits0References1

CVE•added yesterday•4 views

CVE-2026-39598

CVE-2026-39598 concerns WordPress Academy LMS Pro plugin (pre-3.5.2). The vulnerability is an Unrestricted Upload of File with a Dangerous Type, enabling an attacker to upload a web shell to the web server. Affected: Academy LMS Pro prior to 3.5.2. CVSS 3.1 metrics indicate NETWORK attack Vector,...

8CVSS5.2AI score

Exploits0References1

Cvelist•added yesterday•5 views

CVE-2026-39598 WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-49073

Summary: CVE-2026-49073 affects the WordPress plugin Directorist Booking (wpWax Directorist Booking) versions up to 3.0.3. The issue is an SQL Injection in the plugin, allowing blind SQL injection through improper neutralization of special elements in SQL commands. The CVSSBase score is 8.5 (HIGH...

8.5CVSS5.6AI score

Exploits0References1

Cvelist•added yesterday•6 views

CVE-2026-49073 WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

Exploits0References1

Cvelist•added yesterday•4 views

CVE-2026-49080 WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables = 7.3.6 versions...

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-49080

CVE-2026-49080 : Unauthenticated SQL Injection affecting the WordPress plugin wpDataTables, version

9.3CVSS5.7AI score

Exploits0References1

CVE•added yesterday•5 views

CVE-2026-49113

The CVE-2026-49113 entry concerns the WordPress Cornerstone plugin, affected versions earlier than 7.8.8. It describes a Subscriber-level Arbitrary Code Execution vulnerability, with CVSSv3.1 metrics indicating a NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, ...

8.5CVSS5.3AI score

Exploits0References1

Cvelist•added yesterday•4 views

CVE-2026-49113 WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Subscriber Arbitrary Code Execution in Cornerstone 7.8.8 versions...

Exploits0References1

Cvelist•added yesterday•5 views

CVE-2026-49057 WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JobSearch = 3.2.7 versions...

Exploits0References1

CVE•added yesterday•9 views

CVE-2026-49057

The CVE-2026-49057 entry concerns the WordPress JobSearch plugin (≤ 3.2.7) with Unauthenticated Broken Access Control. Concrete details found: affected software/product is WordPress JobSearch plugin; vulnerable component/condition is broken access control without authentication; impact is describ...

7.5CVSS5.1AI score

Exploits0References1

Cvelist•added yesterday•5 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

Exploits0References1

Cvelist•added yesterday•4 views

CVE-2026-48869 WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Enfold = 7.1.4 versions...

Exploits0References1

CVE•added yesterday•6 views

CVE-2026-40761

WordPress Theme Valeska <= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions

8.1CVSS5.3AI score

Exploits0References1

CVE•added yesterday•13 views

CVE-2026-48869

CVE-2026-48869 : The WordPress Enfold theme (versions

7.1CVSS5.1AI score

Exploits0References1

CVE•added yesterday•6 views

CVE-2026-40759

CVE-2026-40759 affects WordPress Esmée theme versions

8.1CVSS5.3AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by